
Warning: Fake Amazon order confirmations spread the malware Emotet. Links contained in the e-mails


Disco Bob


Fake e-mails on behalf of colleagues, business partners or acquaintances, and malicious software that paralyzes entire corporate networks: Emotet is considered one of the most dangerous malware threats worldwide and is currently causing great damage in Germany by reloading other malicious programs. In recent days the Federal Office for Information Security (BSI) has received a conspicuous accumulation of reports of serious IT security incidents related to Emotet. In individual cases, failures of the entire IT infrastructure restricted critical business processes and caused damage running into millions. In addition, the BSI has been notified of other cases with a less severe course in which the BSI's malware analysts were able to confirm Emotet infections. Emotet is still being distributed through large-scale spam campaigns and poses an acute threat to businesses, government agencies and home users. Within its mandate, the BSI today again warned CRITIS operators, federal and state government agencies, and the participants of the Alliance for Cyber Security about Emotet and recommended effective protective measures. Tailored to the target groups of companies and private users, these are available on the BSI websites

https://www.allianz-fuer-cybersicherheit.de/ACS/emotet and https://www.bsi-fuer-buerger.de/BSIFB/emotet.


BSI President Arne Schönbohm explains: "In our estimation, Emotet is a case of cybercrime in which the methods of highly professional APT attacks have been adapted and automated. In the BSI's current situation report we already spoke of a new quality of threat, and Emotet confirms this. We therefore urge companies and organizations to protect their IT infrastructure, and in particular their critical business processes, against this type of threat and to expand their IT security measures appropriately. Suitable prevention can significantly reduce the risk of an Emotet infection. With the well-established standard approach of IT-Grundschutz and the Alliance for Cyber Security cooperation platform, the BSI, as the national cyber security authority, provides the means and the support to achieve this goal."

Through so-called "Outlook Harvesting", Emotet is able to send authentic-looking spam e-mails. The malware reads contact relationships and, for some weeks now, e-mail content from the mailboxes of already infected systems. The perpetrators use this information to spread the malware further in subsequent spam campaigns, so that recipients receive fake e-mails from senders with whom they were recently in contact. The BSI therefore expects a further increase in well-made, automated social engineering attacks of this kind, which are barely recognizable as such to the recipient. This method is also suitable for highly specialized spear-phishing attacks on particularly high-value targets.

Emotet also has the ability to download further malicious software as soon as it has infected a computer. These malicious programs allow attackers to read out credentials and gain full remote access to the system. Recently, the banking Trojan "Trickbot" in particular has been downloaded, which can spread on its own within a network, among other things by reading out credentials (Mimikatz) and exploiting SMB vulnerabilities (Eternal Blue / Romance). Depending on the network configuration, this has led to the failure of entire corporate networks. Because of constant modifications, the malicious programs are initially not detected by standard antivirus products and make profound changes to infected systems. Cleanup attempts are usually unsuccessful and carry the risk that parts of the malware remain on the system. Infected systems are therefore fundamentally to be regarded as fully compromised and need to be rebuilt. In several cases known to the BSI, this resulted in production losses because entire corporate networks had to be completely rebuilt.


https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/BSI_warnt_vor_Emotet.html
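As an added example (not part of the post or of the BSI release), a short Python script with constructed sample data implementing two defender-side heuristics the release points at: a known contact's display name arriving from an unfamiliar address (the "Outlook Harvesting" pattern), and links in the mail whose host lies outside the sender's domain. The address book, addresses, hosts and the sample message are assumptions constructed for this demonstration.

```python
"""Heuristics for Emotet-style spam: harvested-contact impersonation and off-domain links."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed address book: display name -> addresses previously seen for that name.
KNOWN_CONTACTS = {
    "Anna Beispiel": {"anna.beispiel@example.com"},
}

HREF_RE = re.compile(r'href="(https?://[^"]+)"', re.IGNORECASE)


def same_domain(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (no suffix tricks)."""
    return host == domain or host.endswith("." + domain)


def check_message(raw: str) -> list:
    """Return a list of findings; an empty list means nothing looked suspicious."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    findings = []

    # 1. Known display name, but the address is not one we have seen for it.
    known = KNOWN_CONTACTS.get(name)
    if known is not None and addr.lower() not in known:
        findings.append(f"display name '{name}' used with unfamiliar address {addr}")

    # 2. Links in HTML parts whose host does not belong to the sender's domain.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", errors="replace")
        for url in HREF_RE.findall(html):
            host = (urlparse(url).hostname or "").lower()
            if not same_domain(host, sender_domain):
                findings.append(f"link host {host} does not match sender domain {sender_domain}")
    return findings


# Constructed sample: reply-chain lure using a harvested name and an off-domain link.
SAMPLE = """From: Anna Beispiel <a.beispiel@mail.example.net>
To: bob@example.com
Subject: Re: Ihre Bestellung
Content-Type: text/html; charset=utf-8

<p>Hi Bob, the order details are</p><a href="http://invoice.example.org/doc">here</a>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Both checks are heuristics and will produce false positives on legitimate mail (new colleague addresses, third-party link shorteners); they are meant as triage signals, not blocking rules.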
